diff --git a/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy b/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
index 244b115bdf735391403f0a25a29e70b88c910d5f..031edcec6230ebd3647bc2e0f4b26467c22ca4e2 100644
--- a/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
+++ b/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
@@ -22,6 +22,10 @@ initialDirContextFactory(DefaultInitialDirContextFactory, instance.getLDAPURL()
   // managerPassword="..."
 }
 
+ldapUserSearch(FilterBasedLdapUserSearch, instance.userSearchBase, instance.userSearch, initialDirContextFactory) {
+    searchSubtree=true
+}
+
 bindAuthenticator(BindAuthenticator,initialDirContextFactory) {
     // this is when you the user name can be translated into DN.
 //  userDnPatterns = [
@@ -31,11 +35,6 @@ bindAuthenticator(BindAuthenticator,initialDirContextFactory) {
     userSearch = ldapUserSearch;
 }
 
-ldapUserSearch(FilterBasedLdapUserSearch, instance.userSearchBase, instance.userSearch, initialDirContextFactory) {
-    searchSubtree=true
-}
-
-
 authoritiesPopulator(DefaultLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups") {
   // groupRoleAttribute = "ou";
 }